Attackers were able to crash previous versions of the network analysis tool Wireshark. Current updates also bring back RTCP analyses.
If attacks on Wireshark are successful, attackers can crash the application. Current versions are protected against such attacks.
Security update
In the corresponding post, the developers state that they have fixed two security vulnerabilities in the new version 4.4.2. If attackers successfully exploit the first vulnerability, they can overload the CPU by sending a crafted packet (CVE-2024-11595, risk "high"). In the second case, the application can crash when processing a special request (CVE-2024-11596, risk "high").
In addition to Wireshark 4.4.2, version 4.2.9 is also protected against the attacks described. The developers state that there are currently no indications of exploits for these vulnerabilities.
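A quick way to check hosts against the two fixed releases named above, as an added example that is not part of the original article or the Wireshark project's own tooling. The function names and the sample banner line are assumptions made for illustration; release branches the article does not mention are reported as "unknown".

```shell
#!/bin/sh
# Added example: classify a Wireshark/TShark version against the fixed
# releases named in the article (4.4.2 and 4.2.9).

# Constructed sample of the first line printed by `tshark --version`.
SAMPLE_BANNER='TShark (Wireshark) 4.4.1 (v4.4.1-0-g0123456789ab).'

# Print the first MAJOR.MINOR.PATCH triple found in a banner line.
wireshark_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "patched", "needs-update" or "unknown" for a version string.
# "unknown" covers malformed input and branches the article does not mention.
wireshark_patch_status() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}      # drop any non-numeric suffix
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    case $major.$minor in
        4.4) fixed=2 ;;          # fixed release on the 4.4 branch
        4.2) fixed=9 ;;          # fixed release on the 4.2 branch
        *) echo unknown; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# Usage on a host with TShark installed:
#   wireshark_patch_status "$(wireshark_version_from_banner "$(tshark --version | head -n 1)")"
```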
The developers have not only fixed the security problems mentioned, but also eliminated some bugs. For example, iPhone mirroring is no longer interrupted on macOS. The processing of RTCP packets, which was disrupted from version 4.4.1 onwards, now works again. In addition, the current version supports new protocols such as ARTNET and ZigBee ZCL.
Update download
Wireshark downloads are available here.